Comment edit history is public (not a fan, but Facebook does this so whatever).
Deleted comments and their edit history are visible to the repository owner (yikes).
And the clincher: their support refuses to directly delete/anonymise comments under GDPR. (Mega yikes.) They claim to be a ‘processor’ and that any GDPR request has to be forwarded to the repository owner.
I’ve never heard of such a ridiculous policy and I can’t believe this is legally possible within the spirit of the GDPR. You don’t have to ask permission from a Facebook page owner to delete a comment left on their page! Somehow GitHub has managed to get themselves classed as a hosting service, not a social network. Fair enough for the git repos themselves, but god only knows how they legally wrangled that one for things like Issues.
In conclusion, think very carefully before posting anything whatsoever on GitHub. The only way to remove it is the nuclear option (delete account).